NinjaTeam — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting NinjaTeam. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NinjaTeam operates as a provider of enterprise-grade security solutions, primarily focusing on application security testing and vulnerability management services. Their platform enables organizations to identify and remediate security flaws within software development lifecycles. Historically, vulnerabilities associated with their infrastructure and software components have frequently involved remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from improper input validation or misconfigured access controls within their web interfaces. While specific major public breaches remain limited in public records, the accumulation of thirty CVEs indicates recurring challenges in patch management and secure coding practices. Security analysts recommend rigorous auditing of their deployed instances, particularly regarding authentication mechanisms and API endpoints. The organization continues to address these technical debt issues through regular updates, though the frequency of disclosed vulnerabilities suggests ongoing efforts to harden their architecture against common attack vectors prevalent in modern web applications.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1104 | FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download | FastDup – Fastest WordPress Migration & Duplicator | CWE-862 | 8.8 | High | 2026-02-12 |
| CVE-2025-14001 | WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication | WP Duplicate Page | CWE-862 | 5.4 | Medium | 2026-01-13 |
| CVE-2026-0604 | FastDup <= 2.7 - Authenticated (Contributor+) Path Traversal via 'dir_path' REST Parameter | FastDup – Fastest WordPress Migration & Duplicator | CWE-22 | 6.5 | Medium | 2026-01-06 |
| CVE-2025-66134 | WordPress FileBird Pro plugin <= 6.5.1 - Broken Access Control vulnerability | FileBird Pro | CWE-862 | 5.4 | Medium | 2025-12-16 |
| CVE-2025-12900 | FileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering | FileBird – WordPress Media Library Folders & File Manager | CWE-862 | 4.3 | Medium | 2025-12-15 |
| CVE-2025-12481 | WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure | WP Duplicate Page | CWE-862 | 4.3 | Medium | 2025-11-18 |
| CVE-2025-11510 | FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset | FileBird – WordPress Media Library Folders & File Manager | CWE-285 | 4.3 | Medium | 2025-10-18 |
| CVE-2025-0818 | Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion | File Manager Pro – Filester | CWE-22 | 6.5 | Medium | 2025-08-13 |
| CVE-2025-6986 | FileBird – WordPress Media Library Folders & File Manager <= 6.4.8 - Authenticated (Author+) SQL Injection | FileBird – WordPress Media Library Folders & File Manager | CWE-89 | 6.5 | Medium | 2025-08-06 |
| CVE-2025-3234 | File Manager Pro – Filester <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload | File Manager Pro – Filester | CWE-434 | 7.2 | High | 2025-06-14 |
| CVE-2025-5236 | NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter | WP Telegram Chat Widget | CWE-79 | 6.4 | Medium | 2025-05-30 |
| CVE-2025-1672 | Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | Notibar – Notification Bar for WordPress | CWE-79 | 5.5 | Medium | 2025-03-06 |
| CVE-2024-11885 | NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | WP Telegram Chat Widget | CWE-79 | 6.4 | Medium | 2024-12-24 |
| CVE-2024-12331 | File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation | File Manager Pro – Filester | CWE-862 | 4.3 | Medium | 2024-12-19 |
| CVE-2024-11012 | Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text | Notibar – Notification Bar for WordPress | CWE-94 | 6.3 | Medium | 2024-12-13 |
| CVE-2024-9669 | File Manager Pro – Filester <= 1.8.5 - Authenticated (Administrator+) Local JavaScript File Inclusion | File Manager Pro – Filester | CWE-22 | 7.2 | High | 2024-11-28 |
| CVE-2024-8066 | File Manager Pro – Filester <= 1.8.6- Authenticated (Subscriber+) Arbitrary File Upload | File Manager Pro – Filester | CWE-434 | 7.5 | High | 2024-11-28 |
| CVE-2024-10533 | WP Chat App <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation | WP Chat App | CWE-862 | 4.3 | Medium | 2024-11-16 |
| CVE-2024-10055 | Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode | WP Click to Chat – Email, Live Chat, Call & Book Now Buttons | CWE-79 | 6.4 | Medium | 2024-10-18 |
| CVE-2024-7031 | File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update | File Manager Pro – Filester | CWE-862 | 7.5 | High | 2024-08-03 |
| CVE-2024-5607 | GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting | GDPR CCPA Compliance & Cookie Consent Banner | CWE-862 | 5.4 | Medium | 2024-06-07 |
| CVE-2024-2346 | FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference | FileBird – WordPress Media Library Folders & File Manager | CWE-639 | 5.4 | Medium | 2024-05-02 |
| CVE-2024-2345 | FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting | FileBird – WordPress Media Library Folders & File Manager | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-2513 | WP Chat App <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image Attribute | WP Chat App | CWE-20 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-29103 | WordPress Database for Contact Form 7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability | Database for Contact Form 7 | CWE-79 | 7.1 | High | 2024-03-19 |
| CVE-2024-1761 | WP Chat App <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes | WP Chat App | CWE-79 | 6.4 | Medium | 2024-03-07 |
| CVE-2023-51370 | WordPress WP Chat App Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS) | WP Chat App | CWE-79 | 5.9 | Medium | 2024-02-12 |
| CVE-2024-0691 | FileBird <= 5.6.0 - Authenticated(Administrator+) Stored Cross-Site Scripting via Folder Import | FileBird – WordPress Media Library Folders & File Manager | CWE-79 | 5.5 | Medium | 2024-02-05 |
| CVE-2023-5740 | Live Chat with Facebook Messenger <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Live Chat with Facebook Messenger | CWE-79 | 6.4 | Medium | 2023-10-24 |
| CVE-2020-36718 | GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection | GDPR CCPA Compliance & Cookie Consent Banner | CWE-502 | 9.8 | Critical | 2023-06-07 |

This page lists every published CVE security advisory associated with NinjaTeam. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.